feat: separate repo settings from rulesets

andhreljaKern · andhreljaKern · commit 307cb986f21f · 2024-10-07T09:59:14.000+02:00
diff --git a/.github/workflows/admin_update_repo_settings.yml b/.github/workflows/admin_update_repo_settings.yml
@@ -13,19 +13,53 @@ env:
   GH_TOKEN: ${{ secrets.GH_TOKEN }}
 
 jobs:
-  admin-update-repo-settings:
-    name: 'GitHub: Update Repo Settings'
+  admin-update-general-repo-settings:
+    name: 'GitHub: Update General Repository Settings'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           ref: ${{ github.ref_name }}
 
-      - name: Update Repository Settings
+      - name: Update General Repository Settings
         run: |
-          bash ./admin/update_repo_settings.sh \
-            -o ${{ github.repository_owner }} \
-            -e ${{ github.ref_name }}
+          source ./admin/update_repo_settings.sh
+
+          update_repo_general_settings ${{ github.repository_owner }} 
+          
+          echo "::notice::General Settings Updated"
+
+  admin-update-tf-module-rulesets:
+    name: 'GitHub: Update tf-module Rulesets'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+
+      - name: Update tf-module Rulesets
+        run: |
+          source ./admin/update_repo_settings.sh
+
+          update_tf_module_rulesets ${{ github.repository_owner }} ${{ github.ref_name }}
+          
+          echo "::notice::tf-module ${{ github.ref_name }} Rulesets Updated"
+
+  admin-update-tf-iac-rulesets:
+    name: 'GitHub: Update tf-iac Rulesets'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+
+      - name: Update tf-iac Rulesets
+        run: |
+          source ./admin/update_repo_settings.sh
+
+          update_tf_iac_rulesets ${{ github.repository_owner }} ${{ github.ref_name }}
           
-          echo "::notice::Release Published"
+          echo "::notice::tf-iac ${{ github.ref_name }} Rulesets Updated"
diff --git a/admin/update_repo_settings.sh b/admin/update_repo_settings.sh
@@ -1,36 +1,16 @@
 #!/bin/bash
 
-set -e
-
-REPOSITORY_OWNER="code-kern-ai"
-REPOSITORY_NAME=""
-DEV_ADMIN_GITHUB_TEAM_ID=10188509
-DEVOPS_ADMIN_GITHUB_TEAM_ID=10188507
-
-ENVIRONMENT_NAME="dev"
-
-while getopts o:e: flag
-do
-    case "${flag}" in
-        o) REPOSITORY_OWNER=${OPTARG};;
-        e) ENVIRONMENT_NAME=${OPTARG};;
-    esac
-done
+export DEV_ADMIN_GITHUB_TEAM_ID=10188509
+export DEVOPS_ADMIN_GITHUB_TEAM_ID=10188507
 
 source admin/repo_list/app_iac.sh
 source admin/repo_list/tf_iac.sh
 source admin/repo_list/tf_module.sh
 
-RULESET_CONTENT=$(echo $(sed \
-    -e "s|\${ENVIRONMENT_NAME}|${ENVIRONMENT_NAME}|g" \
-    -e "s|\${DEV_ADMIN_GITHUB_TEAM_ID}|${DEV_ADMIN_GITHUB_TEAM_ID}|g" \
-    -e "s|\${DEVOPS_ADMIN_GITHUB_TEAM_ID}|${DEVOPS_ADMIN_GITHUB_TEAM_ID}|g" \
-    admin/repo_static/${ENVIRONMENT_NAME}/ruleset.json.tmpl))
-
-
 function get_ruleset_by_name() {
-    REPOSITORY_NAME=${1}
-    RULESET_NAME=${2}
+    REPOSITORY_OWNER=${1}
+    REPOSITORY_NAME=${2}
+    RULESET_NAME=${3}
     
     echo $(gh api \
         -H "Accept: application/vnd.github+json" \
@@ -40,7 +20,17 @@ function get_ruleset_by_name() {
 }
 
 function create_ruleset() {
-    REPOSITORY_NAME=${1}
+    REPOSITORY_OWNER=${1}
+    REPOSITORY_NAME=${2}
+    ENVIRONMENT_NAME=${3}
+
+    echo "Creating ruleset for ${REPOSITORY_NAME} - ${ENVIRONMENT_NAME}"
+
+    RULESET_CONTENT=$(echo $(sed \
+        -e "s|\${ENVIRONMENT_NAME}|${ENVIRONMENT_NAME}|g" \
+        -e "s|\${DEV_ADMIN_GITHUB_TEAM_ID}|${DEV_ADMIN_GITHUB_TEAM_ID}|g" \
+        -e "s|\${DEVOPS_ADMIN_GITHUB_TEAM_ID}|${DEVOPS_ADMIN_GITHUB_TEAM_ID}|g" \
+        admin/repo_static/${ENVIRONMENT_NAME}/ruleset.json.tmpl))
 
     echo "${RULESET_CONTENT}" | gh api \
         --method POST \
@@ -51,8 +41,18 @@ function create_ruleset() {
 }
 
 function update_ruleset() {
-    REPOSITORY_NAME=${1}
-    RULESET_ID=${2}
+    REPOSITORY_OWNER=${1}
+    REPOSITORY_NAME=${2}
+    ENVIRONMENT_NAME=${3}
+    RULESET_ID=${4}
+
+    echo "Updating ruleset for ${REPOSITORY_NAME} - ${ENVIRONMENT_NAME}"
+
+    RULESET_CONTENT=$(echo $(sed \
+        -e "s|\${ENVIRONMENT_NAME}|${ENVIRONMENT_NAME}|g" \
+        -e "s|\${DEV_ADMIN_GITHUB_TEAM_ID}|${DEV_ADMIN_GITHUB_TEAM_ID}|g" \
+        -e "s|\${DEVOPS_ADMIN_GITHUB_TEAM_ID}|${DEVOPS_ADMIN_GITHUB_TEAM_ID}|g" \
+        admin/repo_static/${ENVIRONMENT_NAME}/ruleset.json.tmpl))
 
     echo "${RULESET_CONTENT}" | gh api \
         --method PUT \
@@ -62,58 +62,65 @@ function update_ruleset() {
         --input - 1>/dev/null
 }
 
-echo "::group::Updating repository settings"
-COMBINED_ARRAY=(${REPO_LIST_APP_IAC[@]} ${REPO_LIST_TF_IAC[@]} ${REPO_LIST_TF_MODULE[@]})
-for REPOSITORY_NAME in ${COMBINED_ARRAY[@]}; do
-    echo "Updating ${REPOSITORY_OWNER}/${REPOSITORY_NAME}"
-    gh api \
-        --method PATCH \
-        -H "Accept: application/vnd.github+json" \
-        -H "X-GitHub-Api-Version: 2022-11-28" \
-        /repos/${REPOSITORY_OWNER}/${REPOSITORY_NAME} \
-        -F "has_issues=true" \
-        -F "has_projects=false" \
-        -F "has_wiki=false" \
-        -F "allow_squash_merge=true" \
-        -F "allow_merge_commit=true" \
-        -F "allow_rebase_merge=false" \
-        -F "allow_auto_merge=false" \
-        -F "delete_branch_on_merge=true" \
-        -F "allow_update_branch=true" 1>/dev/null
-done
-echo "::endgroup::"
-
-echo "::group::tf-module repository rulesets"
-
-for REPOSITORY_NAME in ${REPO_LIST_TF_MODULE[@]}; do
-    if [ "${ENVIRONMENT_NAME}" = "prod" ]; then
-        # Module repositories do not need a prod ruleset
-        continue
-    fi
-
-    ruleset_id=$(get_ruleset_by_name ${REPOSITORY_NAME} ${ENVIRONMENT_NAME})
-    if [ -z "${ruleset_id}" ]; then
-        echo "Creating ruleset for ${REPOSITORY_NAME}/${ENVIRONMENT_NAME}"
-        create_ruleset ${REPOSITORY_NAME}
-    else
-        echo "Updating ruleset for ${REPOSITORY_NAME}/${ENVIRONMENT_NAME}"
-        update_ruleset ${REPOSITORY_NAME} ${ruleset_id}
-    fi
-done
-
-echo "::endgroup::"
-
-
-echo "::group::app-tf-iac repository rulesets"
-COMBINED_ARRAY=(${REPO_LIST_APP_IAC[@]} ${REPO_LIST_TF_IAC[@]})
-for REPOSITORY_NAME in ${COMBINED_ARRAY[@]}; do
-    ruleset_id=$(get_ruleset_by_name ${REPOSITORY_NAME} ${ENVIRONMENT_NAME})
-    if [ -z "${ruleset_id}" ]; then
-        echo "Creating ruleset for ${REPOSITORY_NAME}/${ENVIRONMENT_NAME}"
-        create_ruleset ${REPOSITORY_NAME}
-    else
-        echo "Updating ruleset for ${REPOSITORY_NAME}/${ENVIRONMENT_NAME}"
-        update_ruleset ${REPOSITORY_NAME} ${ruleset_id}
-    fi
-done
-echo "::endgroup::"
+function update_repo_general_settings() {
+    REPOSITORY_OWNER=${1}
+
+    echo "::group::Updating repository settings"
+    COMBINED_ARRAY=(${REPO_LIST_APP_IAC[@]} ${REPO_LIST_TF_IAC[@]} ${REPO_LIST_TF_MODULE[@]})
+    for REPOSITORY_NAME in ${COMBINED_ARRAY[@]}; do
+        echo "Updating ${REPOSITORY_OWNER}/${REPOSITORY_NAME}"
+        gh api \
+            --method PATCH \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            /repos/${REPOSITORY_OWNER}/${REPOSITORY_NAME} \
+            -F "has_issues=true" \
+            -F "has_projects=false" \
+            -F "has_wiki=false" \
+            -F "allow_squash_merge=true" \
+            -F "allow_merge_commit=true" \
+            -F "allow_rebase_merge=false" \
+            -F "allow_auto_merge=false" \
+            -F "delete_branch_on_merge=true" \
+            -F "allow_update_branch=true" 1>/dev/null
+    done
+    echo "::endgroup::"
+}
+
+function update_tf_module_rulesets() {
+    REPOSITORY_OWNER=${1}
+    ENVIRONMENT_NAME=${2}
+
+    echo "::group::tf-module repository rulesets"
+    for REPOSITORY_NAME in ${REPO_LIST_TF_MODULE[@]}; do
+        if [ "${ENVIRONMENT_NAME}" = "prod" ]; then
+            # Module repositories do not need a prod ruleset
+            continue
+        fi
+
+        ruleset_id=$(get_ruleset_by_name ${REPOSITORY_OWNER} ${REPOSITORY_NAME} ${ENVIRONMENT_NAME})
+        if [ -z "${ruleset_id}" ]; then
+            create_ruleset ${REPOSITORY_OWNER} ${REPOSITORY_NAME} ${ENVIRONMENT_NAME}
+        else
+            update_ruleset ${REPOSITORY_OWNER} ${REPOSITORY_NAME} ${ENVIRONMENT_NAME} ${ruleset_id}
+        fi
+    done
+    echo "::endgroup::"
+}
+
+function update_tf_iac_rulesets() {
+    REPOSITORY_OWNER=${1}
+    ENVIRONMENT_NAME=${2}
+
+    echo "::group::app-tf-iac repository rulesets"
+    COMBINED_ARRAY=(${REPO_LIST_APP_IAC[@]} ${REPO_LIST_TF_IAC[@]})
+    for REPOSITORY_NAME in ${COMBINED_ARRAY[@]}; do
+        ruleset_id=$(get_ruleset_by_name ${REPOSITORY_OWNER} ${REPOSITORY_NAME} ${ENVIRONMENT_NAME})
+        if [ -z "${ruleset_id}" ]; then
+            create_ruleset ${REPOSITORY_OWNER} ${REPOSITORY_NAME} ${ENVIRONMENT_NAME}
+        else
+            update_ruleset ${REPOSITORY_OWNER} ${REPOSITORY_NAME} ${ENVIRONMENT_NAME} ${ruleset_id}
+        fi
+    done
+    echo "::endgroup::"
+}
